Search

Find a vulnerability

Search criteria

    12 vulnerabilities by wpb_show_core_project

    CVE-2024-1958 (GCVE-0-2024-1958)

    Vulnerability from nvd – Published: 2024-04-08 05:00 – Updated: 2025-03-28 18:56
    VLAI
    Title
    WPB Show Core < 2.7 - Reflected XSS
    Summary
    The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/8be4ebcf-2b42-4b… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown wpb-show-core Affected: 0 , < 2.7 (semver)
    Create a notification for this product.
    Credits
    Bob Matyas WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "HIGH",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1958",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-08T21:10:50.775373Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-28T18:56:21.070Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:56:22.557Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/8be4ebcf-2b42-4b88-89a0-2df6dbf00b55/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "wpb-show-core",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "2.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Bob Matyas"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-79 Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-08T17:28:04.658Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/8be4ebcf-2b42-4b88-89a0-2df6dbf00b55/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WPB Show Core \u003c 2.7 - Reflected XSS",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2024-1958",
        "datePublished": "2024-04-08T05:00:02.643Z",
        "dateReserved": "2024-02-27T20:17:40.593Z",
        "dateUpdated": "2025-03-28T18:56:21.070Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-1956 (GCVE-0-2024-1956)

    Vulnerability from nvd – Published: 2024-04-08 05:00 – Updated: 2024-11-21 15:02
    VLAI
    Title
    WPB Show Core < 2.7 - Reflected XSS
    Summary
    The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape the parameters before outputting it back in the response of an unauthenticated request, leading to a Reflected Cross-Site Scripting
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/d7034ac2-0098-48… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown wpb-show-core Affected: 0 , < 2.7 (semver)
    Create a notification for this product.
    Credits
    Bob Matyas WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.1,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1956",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-30T19:28:06.576007Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-21T15:02:55.646Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:56:22.681Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/d7034ac2-0098-48d2-9ba9-87e09b178f7d/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "wpb-show-core",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "2.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Bob Matyas"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape the parameters before outputting it back in the response of an unauthenticated request, leading to a Reflected Cross-Site Scripting"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-79 Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-08T17:28:15.741Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/d7034ac2-0098-48d2-9ba9-87e09b178f7d/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WPB Show Core \u003c 2.7 - Reflected XSS",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2024-1956",
        "datePublished": "2024-04-08T05:00:02.454Z",
        "dateReserved": "2024-02-27T20:16:44.209Z",
        "dateUpdated": "2024-11-21T15:02:55.646Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-1292 (GCVE-0-2024-1292)

    Vulnerability from nvd – Published: 2024-04-08 05:00 – Updated: 2024-10-31 14:28
    VLAI
    Title
    WPB Show Core < 2.6 - Reflected XSS
    Summary
    The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/56d4fc48-d0dc-4a… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown wpb-show-core Affected: 0 , < 2.7 (semver)
    Create a notification for this product.
    Credits
    Aly Khaled Aly Abd Al-aal WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.7,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1292",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-31T14:28:24.183511Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-31T14:28:47.906Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:33:25.542Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/56d4fc48-d0dc-4ac6-93cd-f64d4c3c5c07/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "wpb-show-core",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "2.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Aly Khaled Aly Abd Al-aal"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-79 Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-08T17:28:07.585Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/56d4fc48-d0dc-4ac6-93cd-f64d4c3c5c07/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WPB Show Core \u003c 2.6 - Reflected XSS",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2024-1292",
        "datePublished": "2024-04-08T05:00:01.286Z",
        "dateReserved": "2024-02-06T20:48:24.950Z",
        "dateUpdated": "2024-10-31T14:28:47.906Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5974 (GCVE-0-2023-5974)

    Vulnerability from nvd – Published: 2023-11-27 16:22 – Updated: 2024-11-21 19:18
    VLAI
    Title
    WPB Show Core <= 2.2 - Unauthenticated Server Side Request Forgery
    Summary
    The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF) via the `path` parameter.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/c0136057-f420-4f… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown wpb-show-core Affected: 0 , ≤ 2.2 (semver)
    Create a notification for this product.
    Credits
    Mohamed Abdelhady WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:25.129Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/c0136057-f420-4fe7-a147-ecbec7e7a9b5"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5974",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-21T19:18:04.282918Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-21T19:18:37.335Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "wpb-show-core",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThanOrEqual": "2.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mohamed Abdelhady"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF) via the `path` parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-27T16:22:02.863Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/c0136057-f420-4fe7-a147-ecbec7e7a9b5"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WPB Show Core \u003c= 2.2 - Unauthenticated Server Side Request Forgery",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2023-5974",
        "datePublished": "2023-11-27T16:22:02.863Z",
        "dateReserved": "2023-11-06T21:00:42.926Z",
        "dateUpdated": "2024-11-21T19:18:37.335Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4922 (GCVE-0-2023-4922)

    Vulnerability from nvd – Published: 2023-11-27 16:22 – Updated: 2024-08-02 07:44
    VLAI
    Title
    WPB Show Core <= 2.2 - Unauthenticated Local File Inclusion
    Summary
    The WPB Show Core WordPress plugin through 2.2 is vulnerable to a local file inclusion via the `path` parameter.
    Severity
    No CVSS data available.
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/968d87c0-af60-45… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown wpb-show-core Affected: 0 , ≤ 2.2 (semver)
    Create a notification for this product.
    Credits
    Mohamed Abdelhady WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:44:52.210Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/968d87c0-af60-45ea-b34e-8551313cc8df"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "wpb-show-core",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThanOrEqual": "2.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mohamed Abdelhady"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WPB Show Core WordPress plugin through 2.2 is vulnerable to a local file inclusion via the `path` parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-27T16:22:03.604Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/968d87c0-af60-45ea-b34e-8551313cc8df"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WPB Show Core \u003c= 2.2 - Unauthenticated Local File Inclusion",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2023-4922",
        "datePublished": "2023-11-27T16:22:03.604Z",
        "dateReserved": "2023-09-12T19:34:51.513Z",
        "dateUpdated": "2024-08-02T07:44:52.210Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3484 (GCVE-0-2022-3484)

    Vulnerability from nvd – Published: 2022-11-14 00:00 – Updated: 2025-04-30 15:35
    VLAI
    Title
    WPB Show Core - Reflected Cross-Site Scripting
    Summary
    The WPB Show Core WordPress plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-Site Scripting (XSS)
    Assigner
    Impacted products
    Vendor Product Version
    Unknown wpb-show-core Affected: TODO , ≤ TODO (custom)
    Create a notification for this product.
    Credits
    Abdulali AlDurazi
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:14:01.486Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/3afaed61-6187-4915-acf0-16e79d5c2464"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.1,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3484",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-30T15:34:49.763002Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-30T15:35:33.397Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "wpb-show-core",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThanOrEqual": "TODO",
                  "status": "affected",
                  "version": "TODO",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Abdulali AlDurazi"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WPB Show Core WordPress plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-17T00:00:00.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "url": "https://wpscan.com/vulnerability/3afaed61-6187-4915-acf0-16e79d5c2464"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WPB Show Core - Reflected Cross-Site Scripting",
          "x_generator": "WPScan CVE Generator"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-3484",
        "datePublished": "2022-11-14T00:00:00.000Z",
        "dateReserved": "2022-10-13T00:00:00.000Z",
        "dateUpdated": "2025-04-30T15:35:33.397Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-1958 (GCVE-0-2024-1958)

    Vulnerability from cvelistv5 – Published: 2024-04-08 05:00 – Updated: 2025-03-28 18:56
    VLAI
    Title
    WPB Show Core < 2.7 - Reflected XSS
    Summary
    The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/8be4ebcf-2b42-4b… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown wpb-show-core Affected: 0 , < 2.7 (semver)
    Create a notification for this product.
    Credits
    Bob Matyas WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "HIGH",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1958",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-08T21:10:50.775373Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-28T18:56:21.070Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:56:22.557Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/8be4ebcf-2b42-4b88-89a0-2df6dbf00b55/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "wpb-show-core",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "2.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Bob Matyas"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-79 Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-08T17:28:04.658Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/8be4ebcf-2b42-4b88-89a0-2df6dbf00b55/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WPB Show Core \u003c 2.7 - Reflected XSS",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2024-1958",
        "datePublished": "2024-04-08T05:00:02.643Z",
        "dateReserved": "2024-02-27T20:17:40.593Z",
        "dateUpdated": "2025-03-28T18:56:21.070Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-1956 (GCVE-0-2024-1956)

    Vulnerability from cvelistv5 – Published: 2024-04-08 05:00 – Updated: 2024-11-21 15:02
    VLAI
    Title
    WPB Show Core < 2.7 - Reflected XSS
    Summary
    The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape the parameters before outputting it back in the response of an unauthenticated request, leading to a Reflected Cross-Site Scripting
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/d7034ac2-0098-48… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown wpb-show-core Affected: 0 , < 2.7 (semver)
    Create a notification for this product.
    Credits
    Bob Matyas WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.1,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1956",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-30T19:28:06.576007Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-21T15:02:55.646Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:56:22.681Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/d7034ac2-0098-48d2-9ba9-87e09b178f7d/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "wpb-show-core",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "2.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Bob Matyas"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape the parameters before outputting it back in the response of an unauthenticated request, leading to a Reflected Cross-Site Scripting"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-79 Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-08T17:28:15.741Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/d7034ac2-0098-48d2-9ba9-87e09b178f7d/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WPB Show Core \u003c 2.7 - Reflected XSS",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2024-1956",
        "datePublished": "2024-04-08T05:00:02.454Z",
        "dateReserved": "2024-02-27T20:16:44.209Z",
        "dateUpdated": "2024-11-21T15:02:55.646Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-1292 (GCVE-0-2024-1292)

    Vulnerability from cvelistv5 – Published: 2024-04-08 05:00 – Updated: 2024-10-31 14:28
    VLAI
    Title
    WPB Show Core < 2.6 - Reflected XSS
    Summary
    The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/56d4fc48-d0dc-4a… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown wpb-show-core Affected: 0 , < 2.7 (semver)
    Create a notification for this product.
    Credits
    Aly Khaled Aly Abd Al-aal WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.7,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1292",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-31T14:28:24.183511Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-31T14:28:47.906Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:33:25.542Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/56d4fc48-d0dc-4ac6-93cd-f64d4c3c5c07/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "wpb-show-core",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "2.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Aly Khaled Aly Abd Al-aal"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-79 Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-08T17:28:07.585Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/56d4fc48-d0dc-4ac6-93cd-f64d4c3c5c07/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WPB Show Core \u003c 2.6 - Reflected XSS",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2024-1292",
        "datePublished": "2024-04-08T05:00:01.286Z",
        "dateReserved": "2024-02-06T20:48:24.950Z",
        "dateUpdated": "2024-10-31T14:28:47.906Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4922 (GCVE-0-2023-4922)

    Vulnerability from cvelistv5 – Published: 2023-11-27 16:22 – Updated: 2024-08-02 07:44
    VLAI
    Title
    WPB Show Core <= 2.2 - Unauthenticated Local File Inclusion
    Summary
    The WPB Show Core WordPress plugin through 2.2 is vulnerable to a local file inclusion via the `path` parameter.
    Severity
    No CVSS data available.
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/968d87c0-af60-45… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown wpb-show-core Affected: 0 , ≤ 2.2 (semver)
    Create a notification for this product.
    Credits
    Mohamed Abdelhady WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:44:52.210Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/968d87c0-af60-45ea-b34e-8551313cc8df"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "wpb-show-core",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThanOrEqual": "2.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mohamed Abdelhady"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WPB Show Core WordPress plugin through 2.2 is vulnerable to a local file inclusion via the `path` parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-27T16:22:03.604Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/968d87c0-af60-45ea-b34e-8551313cc8df"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WPB Show Core \u003c= 2.2 - Unauthenticated Local File Inclusion",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2023-4922",
        "datePublished": "2023-11-27T16:22:03.604Z",
        "dateReserved": "2023-09-12T19:34:51.513Z",
        "dateUpdated": "2024-08-02T07:44:52.210Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5974 (GCVE-0-2023-5974)

    Vulnerability from cvelistv5 – Published: 2023-11-27 16:22 – Updated: 2024-11-21 19:18
    VLAI
    Title
    WPB Show Core <= 2.2 - Unauthenticated Server Side Request Forgery
    Summary
    The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF) via the `path` parameter.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/c0136057-f420-4f… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown wpb-show-core Affected: 0 , ≤ 2.2 (semver)
    Create a notification for this product.
    Credits
    Mohamed Abdelhady WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:25.129Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/c0136057-f420-4fe7-a147-ecbec7e7a9b5"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5974",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-21T19:18:04.282918Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-21T19:18:37.335Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "wpb-show-core",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThanOrEqual": "2.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mohamed Abdelhady"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF) via the `path` parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-27T16:22:02.863Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/c0136057-f420-4fe7-a147-ecbec7e7a9b5"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WPB Show Core \u003c= 2.2 - Unauthenticated Server Side Request Forgery",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2023-5974",
        "datePublished": "2023-11-27T16:22:02.863Z",
        "dateReserved": "2023-11-06T21:00:42.926Z",
        "dateUpdated": "2024-11-21T19:18:37.335Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3484 (GCVE-0-2022-3484)

    Vulnerability from cvelistv5 – Published: 2022-11-14 00:00 – Updated: 2025-04-30 15:35
    VLAI
    Title
    WPB Show Core - Reflected Cross-Site Scripting
    Summary
    The WPB Show Core WordPress plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-Site Scripting (XSS)
    Assigner
    Impacted products
    Vendor Product Version
    Unknown wpb-show-core Affected: TODO , ≤ TODO (custom)
    Create a notification for this product.
    Credits
    Abdulali AlDurazi
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:14:01.486Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/3afaed61-6187-4915-acf0-16e79d5c2464"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.1,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3484",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-30T15:34:49.763002Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-30T15:35:33.397Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "wpb-show-core",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThanOrEqual": "TODO",
                  "status": "affected",
                  "version": "TODO",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Abdulali AlDurazi"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WPB Show Core WordPress plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-17T00:00:00.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "url": "https://wpscan.com/vulnerability/3afaed61-6187-4915-acf0-16e79d5c2464"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WPB Show Core - Reflected Cross-Site Scripting",
          "x_generator": "WPScan CVE Generator"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-3484",
        "datePublished": "2022-11-14T00:00:00.000Z",
        "dateReserved": "2022-10-13T00:00:00.000Z",
        "dateUpdated": "2025-04-30T15:35:33.397Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }